Alert GCSA-13054 - Vulnerabilita' nei prodotti Mozilla (firefox, thunderbird, seamonkey)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-13054
Data: 12 dicembre 2013
Titolo: Vulnerabilita' nei prodotti Mozilla (firefox, thunderbird, seamonkey)
******************************************************************
:: Descrizione del problema
Sono state rilasciate nuove versioni dei prodotti Mozilla
Firefox, Thunderbird e Seamonkey che risolvono varie vulnerabilita'
potenzialmente sfruttabili da aggressori remoti e locali
per condurre attacchi.
:: Software interessato
Firefox versioni precedenti alla 26.0
Thunderbird versioni precedenti alla 24.2.0
Seamonkey versioni precedenti alla 2.23
:: Impatto
Esecuzione di codice arbitrario da remoto
Accesso al sistema
Security Bypass
Cross Site Scripting
Spoofing
Esposizione di dati sensibili
Denial of service
:: Soluzioni
Aggiornare Firefox alla versione 26
http://www.mozilla.org/it/firefox/new/
Aggiornare Thunderbird alla versione 24.2.0
http://www.mozilla.org/it/thunderbird/
Aggiornare Seamonkey alla versione 2.23
http://www.seamonkey-project.org/releases/
:: Riferimenti
Mozilla Security Advisory
http://www.mozilla.org/en-US/firefox/26.0/releasenotes/
http://www.mozilla.org/security/known-vulnerabilities/firefox.html
http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
http://www.mozilla.org/security/known-vulnerabilities/thunderbirdESR.html
http://www.mozilla.org/security/announce/2013/mfsa2013-104.html
http://www.mozilla.org/security/announce/2013/mfsa2013-105.html
http://www.mozilla.org/security/announce/2013/mfsa2013-106.html
http://www.mozilla.org/security/announce/2013/mfsa2013-107.html
http://www.mozilla.org/security/announce/2013/mfsa2013-108.html
http://www.mozilla.org/security/announce/2013/mfsa2013-109.html
http://www.mozilla.org/security/announce/2013/mfsa2013-110.html
http://www.mozilla.org/security/announce/2013/mfsa2013-111.html
http://www.mozilla.org/security/announce/2013/mfsa2013-112.html
http://www.mozilla.org/security/announce/2013/mfsa2013-113.html
http://www.mozilla.org/security/announce/2013/mfsa2013-114.html
http://www.mozilla.org/security/announce/2013/mfsa2013-115.html
http://www.mozilla.org/security/announce/2013/mfsa2013-116.html
http://www.mozilla.org/security/announce/2013/mfsa2013-117.html
Mitre CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5609
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5610
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5611
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5612
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5613
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5614
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5615
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5616
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5618
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5619
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6629
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6630
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6671
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6672
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6673
Red Hat Security Advisory
http://rhn.redhat.com/errata/RHSA-2013-1812.html
http://rhn.redhat.com/errata/RHSA-2013-1823.html
Ubuntu
http://www.ubuntu.com/usn/usn-2052-1
http://www.ubuntu.com/usn/usn-2053-1
GARR CERT Newsletter subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iD8DBQFSqeUywZxMk2USYEIRAmcKAKCIKJU2+SL+j7/rUo3PWajgVUtaNACgz9Ee
F+0UCJnD1SuFQWCQT4q1ugw=
=CVjZ
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-13054
Data: 12 dicembre 2013
Titolo: Vulnerabilita' nei prodotti Mozilla (firefox, thunderbird, seamonkey)
******************************************************************
:: Descrizione del problema
Sono state rilasciate nuove versioni dei prodotti Mozilla
Firefox, Thunderbird e Seamonkey che risolvono varie vulnerabilita'
potenzialmente sfruttabili da aggressori remoti e locali
per condurre attacchi.
:: Software interessato
Firefox versioni precedenti alla 26.0
Thunderbird versioni precedenti alla 24.2.0
Seamonkey versioni precedenti alla 2.23
:: Impatto
Esecuzione di codice arbitrario da remoto
Accesso al sistema
Security Bypass
Cross Site Scripting
Spoofing
Esposizione di dati sensibili
Denial of service
:: Soluzioni
Aggiornare Firefox alla versione 26
http://www.mozilla.org/it/firefox/new/
Aggiornare Thunderbird alla versione 24.2.0
http://www.mozilla.org/it/thunderbird/
Aggiornare Seamonkey alla versione 2.23
http://www.seamonkey-project.org/releases/
:: Riferimenti
Mozilla Security Advisory
http://www.mozilla.org/en-US/firefox/26.0/releasenotes/
http://www.mozilla.org/security/known-vulnerabilities/firefox.html
http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
http://www.mozilla.org/security/known-vulnerabilities/thunderbirdESR.html
http://www.mozilla.org/security/announce/2013/mfsa2013-104.html
http://www.mozilla.org/security/announce/2013/mfsa2013-105.html
http://www.mozilla.org/security/announce/2013/mfsa2013-106.html
http://www.mozilla.org/security/announce/2013/mfsa2013-107.html
http://www.mozilla.org/security/announce/2013/mfsa2013-108.html
http://www.mozilla.org/security/announce/2013/mfsa2013-109.html
http://www.mozilla.org/security/announce/2013/mfsa2013-110.html
http://www.mozilla.org/security/announce/2013/mfsa2013-111.html
http://www.mozilla.org/security/announce/2013/mfsa2013-112.html
http://www.mozilla.org/security/announce/2013/mfsa2013-113.html
http://www.mozilla.org/security/announce/2013/mfsa2013-114.html
http://www.mozilla.org/security/announce/2013/mfsa2013-115.html
http://www.mozilla.org/security/announce/2013/mfsa2013-116.html
http://www.mozilla.org/security/announce/2013/mfsa2013-117.html
Mitre CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5609
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5610
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5611
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5612
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5613
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5614
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5615
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5616
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5618
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5619
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6629
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6630
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6671
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6672
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6673
Red Hat Security Advisory
http://rhn.redhat.com/errata/RHSA-2013-1812.html
http://rhn.redhat.com/errata/RHSA-2013-1823.html
Ubuntu
http://www.ubuntu.com/usn/usn-2052-1
http://www.ubuntu.com/usn/usn-2053-1
GARR CERT Newsletter subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iD8DBQFSqeUywZxMk2USYEIRAmcKAKCIKJU2+SL+j7/rUo3PWajgVUtaNACgz9Ee
F+0UCJnD1SuFQWCQT4q1ugw=
=CVjZ
-----END PGP SIGNATURE-----